Identity Federation is all about trust. As the diagram in the post shows, all participants in such a federation form a circle of trust. One can easily extend federated authentication for Windows Azure Service Bus to external user communities using social identities, a Windows Azure Active Directory (WAAD) tenant's cloud identities, or a business partner's identities. It also supports federation protocols such as SAML-P, WS-Federation and OpenID.

There are times when you need to migrate a relying party (RP) trust from one AD FS implementation to another. Unfortunately, there are currently no tools that do this for you, so we offer the following rather quick and dirty approach. There may be better ways, but this gets the job done.
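One way to do such a migration, as an added example that is not the post's own script: serialise the RP trust on the source AD FS 2.0 farm with the Microsoft.Adfs.PowerShell snap-in, carry the file over, and recreate the trust on the target farm. The RP display name, the file path and the exact property names read back from the trust object are assumptions for illustration; check them against `Get-ADFSRelyingPartyTrust | Get-Member` on your own farm.

```powershell
# Added example, not the post's own script: copy one relying party (RP) trust from a
# source AD FS 2.0 farm to a target farm with the Microsoft.Adfs.PowerShell snap-in.
# Run Export-RpTrust on a node of the source farm and Import-RpTrust on a node of the
# target farm. The RP display name and the file path are assumptions for illustration.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$rpName    = "Contoso Portal"                # assumed display name of the RP to move
$exportXml = "C:\Temp\ContosoPortal-rp.xml"  # assumed path; carry it to the target farm

function Export-RpTrust {
    param([string]$Name, [string]$Path)
    $rp = Get-ADFSRelyingPartyTrust -Name $Name
    if (-not $rp) { throw "Relying party '$Name' not found on this farm" }
    # Export-Clixml round-trips strings, URIs and byte arrays, but X509 certificates
    # come back as deserialised stubs, so their DER bytes are stored explicitly.
    $bundle = @{
        Name                         = $rp.Name
        Identifier                   = @($rp.Identifier | ForEach-Object { $_.ToString() })
        WSFedEndpoint                = $(if ($rp.WSFedEndpoint) { $rp.WSFedEndpoint.ToString() })
        IssuanceTransformRules       = $rp.IssuanceTransformRules
        IssuanceAuthorizationRules   = $rp.IssuanceAuthorizationRules
        DelegationAuthorizationRules = $rp.DelegationAuthorizationRules
        Notes                        = $rp.Notes
        EncryptionCert               = $(if ($rp.EncryptionCertificate) { $rp.EncryptionCertificate.Export('Cert') })
        SigningCerts                 = @($rp.RequestSigningCertificate | ForEach-Object { $_.Export('Cert') })
    }
    $bundle | Export-Clixml -Path $Path
}

function Import-RpTrust {
    param([string]$Path)
    $b = Import-Clixml -Path $Path
    # Rebuild X509Certificate2 objects from the stored DER bytes
    $toCert = { param($der) New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @(,[byte[]]$der) }

    $params = @{
        Name                         = $b.Name
        Identifier                   = [string[]]$b.Identifier
        IssuanceTransformRules       = $b.IssuanceTransformRules
        IssuanceAuthorizationRules   = $b.IssuanceAuthorizationRules
        DelegationAuthorizationRules = $b.DelegationAuthorizationRules
        Notes                        = $b.Notes
    }
    if ($b.WSFedEndpoint)  { $params.WSFedEndpoint = $b.WSFedEndpoint }
    if ($b.EncryptionCert) { $params.EncryptionCertificate = & $toCert $b.EncryptionCert }
    if ($b.SigningCerts -and @($b.SigningCerts).Count -gt 0) {
        $params.RequestSigningCertificate = @($b.SigningCerts | ForEach-Object { & $toCert $_ })
    }
    Add-ADFSRelyingPartyTrust @params
    Get-ADFSRelyingPartyTrust -Name $b.Name
}

# Source farm:
Export-RpTrust -Name $rpName -Path $exportXml
# Target farm (after copying the XML file over):
Import-RpTrust -Path $exportXml
```

Two caveats. SAML endpoints are not carried across by this script; for a SAML RP, recreate them on the target farm with `New-ADFSSamlEndpoint` and attach them with `Set-ADFSRelyingPartyTrust -SamlEndpoint`. And the migration is only half done on the AD FS side: tokens will now be signed by the target farm's token-signing certificate, so the application itself must be repointed at the new farm's federation metadata (or have the new signing certificate installed) before it will accept them.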

There are many ways to create self-signed certificates; some require additional tools that are not usually available on a Windows server, or use cryptic commands. This PowerShell script offers an easy way to create SSL certificates without requiring anything that isn't already installed on a Windows server.
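For comparison, the same task with nothing but the PKI module that ships with Windows Server 2012 and later, as an added example rather than the post's own script. The host name, file paths and password prompt are assumptions for illustration.

```powershell
# Added example, not the post's script: create a self-signed SSL certificate using
# only the built-in PKI module (Windows Server 2012+), then export it for the server
# (PFX, private key) and for clients (CER, public part). Names and paths are assumed.
$dnsName = "sts.contoso.local"
$pfxPath = "C:\Temp\$dnsName.pfx"
$cerPath = "C:\Temp\$dnsName.cer"

function New-SelfSignedSslCert {
    param(
        [string]$DnsName,
        [string]$PfxPath,
        [string]$CerPath,
        [SecureString]$PfxPassword
    )
    # 2048-bit RSA certificate with the DNS name as subject and SAN, placed in the
    # machine store so IIS / AD FS can bind to it. Only parameters that exist on
    # Windows Server 2012 are used; newer versions also accept -NotAfter, -KeyLength etc.
    $cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation "Cert:\LocalMachine\My"

    # Private key + certificate for the server: protect the file and its password.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPassword | Out-Null
    # Public certificate only: this is what a client must import to trust the server.
    Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null
    return $cert
}

$pfxPwd = Read-Host -AsSecureString -Prompt "PFX password"
$cert = New-SelfSignedSslCert -DnsName $dnsName -PfxPath $pfxPath -CerPath $cerPath -PfxPassword $pfxPwd
"{0}  {1}  valid until {2}" -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter
```

Remember what a self-signed certificate is: nothing trusts it until the `.cer` is imported into a client's Trusted Root store, and the default validity is one year. Use it for lab and test federation, not for a production STS, where clients would otherwise be trained to click through certificate warnings.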

Many technical notes and web articles cover various aspects of claims-based federation between ADFS 2.0 and SharePoint 2010. This post focuses primarily on claims mapping and on the settings that drive the authentication and authorization process.
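The two halves of such a claims mapping, as an added example that is not the post's own configuration: the AD FS 2.0 side issues e-mail and group claims to the SharePoint relying party, and the SharePoint 2010 side declares a trusted identity token issuer that maps the same claim types back. The host names, realm, certificate path and rule names are assumptions for illustration.

```powershell
# Added example, not the post's own configuration. Part A runs on an AD FS 2.0
# server, Part B on a SharePoint 2010 server. Host names, realm and certificate
# path are assumed; the claim-type URIs are the standard ones both products use.
$spRealm   = "urn:sharepoint:contoso"           # assumed realm; must be identical on both sides
$spTrust   = "https://sp.contoso.com/_trust/"  # assumed SharePoint /_trust/ endpoint
$emailType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$roleType  = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# ---------- Part A: AD FS 2.0 relying party trust for SharePoint ----------
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Transform rule: look up the authenticated user's mail and token groups in AD and
# issue them as the e-mail and role claims SharePoint will map below.
$issuanceRules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Email and groups for SharePoint"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$emailType", "$roleType"), query = ";mail,tokenGroups;{0}", param = c.Value);
"@

# Authorization rule: permit everyone to get a token for this RP. Tighten this to a
# group claim in production; SharePoint will still do its own authorization afterwards.
$authzRules = @"
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

Add-ADFSRelyingPartyTrust -Name "SharePoint 2010" -Identifier $spRealm -WSFedEndpoint $spTrust `
    -IssuanceTransformRules $issuanceRules -IssuanceAuthorizationRules $authzRules

# ---------- Part B: SharePoint 2010 trusted identity token issuer ----------
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Public token-signing certificate of the AD FS farm, copied over as a .cer file
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Certs\adfs-token-signing.cer")
New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $signingCert | Out-Null

# Incoming claim types are mapped 1:1; the e-mail claim becomes the user identifier.
$emailMap = New-SPClaimTypeMapping -IncomingClaimType $emailType -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap  = New-SPClaimTypeMapping -IncomingClaimType $roleType  -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

$issuer = New-SPTrustedIdentityTokenIssuer -Name "ADFS 2.0" -Description "Contoso AD FS 2.0" `
    -Realm $spRealm -ImportTrustCertificate $signingCert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl "https://sts.contoso.com/adfs/ls/" `
    -IdentifierClaim $emailMap.InputClaimType
$issuer | Select-Object Name, IdentityClaimTypeInformation
```

The web application still has to be switched to claims authentication and have this provider enabled, which is normally done in Central Administration. Two points worth checking: the identifier claim is what SharePoint treats as the user's identity, so it must be unique and stable (if e-mail addresses get reused or renamed, permissions follow the address, not the person), and the realm in `-Identifier` and `-Realm` must match exactly or AD FS will reject the request with a generic error.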

So one of your users has received an error from AD FS 2.0, and you need to determine what the problem is. Unfortunately, the error message sometimes gives little clue; the error page shown in the post is a typical example.
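The first place to look is the server side, since the browser page is deliberately generic. The snippet below, an added example and not part of the post, pulls the recent errors from the AD FS 2.0 admin log and, if the user passed on the reference number shown on the error page, narrows them to that activity; it then shows how to switch the verbose trace log on for a reproduction. The log names are those of AD FS 2.0 (later versions use `AD FS/Admin`), and the reference ID is an assumed sample value.

```powershell
# Added example, not from the post: find the server-side events behind a generic
# AD FS 2.0 error page. The "Reference number" on that page is an activity ID that is
# also stamped on the related events. Log names are the AD FS 2.0 ones; the
# reference ID below is a placeholder to be replaced with the value from the page.
$referenceId = "00000000-0000-0000-0000-000000000000"
$since       = (Get-Date).AddHours(-1)

function Get-AdfsFailureEvents {
    param([string]$ActivityId, [datetime]$Since)
    # Level 2 = Error, 3 = Warning
    $events = Get-WinEvent -FilterHashtable @{ LogName = "AD FS 2.0/Admin"; StartTime = $Since; Level = 2, 3 } `
                           -ErrorAction SilentlyContinue
    if ($ActivityId) {
        # Match on the event's own ActivityId, and fall back to the message text in case
        # the ID only appears there.
        $events = $events | Where-Object { $_.ActivityId -eq [guid]$ActivityId -or $_.Message -match $ActivityId }
    }
    $events | Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Get-AdfsFailureEvents -ActivityId $referenceId -Since $since | Format-List

# If the admin log is not specific enough, enable the trace log, reproduce the failure,
# read the trace, then disable it again: it is very noisy and can contain claim values.
wevtutil sl "AD FS 2.0 Tracing/Debug" /e:true
# ... reproduce the error from the user's browser ...
Get-WinEvent -LogName "AD FS 2.0 Tracing/Debug" -Oldest -ErrorAction SilentlyContinue |
    Where-Object { $_.TimeCreated -gt $since } |
    Select-Object TimeCreated, Id, Message | Format-List
wevtutil sl "AD FS 2.0 Tracing/Debug" /e:false
```

The admin log usually names the real cause (an unknown relying party identifier, a certificate that could not be validated, a claim rule that failed to parse), which is exactly what the user-facing page withholds by design. Treat the trace log as sensitive and leave it off when you are done.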

So you want to make some of your applications available using federation, but you have multiple forests. What can you do? If you have two-way trusts between your forests, you're in luck: AD FS works very well across two-way forest trusts. But what if you have only a one-way trust between the forests?

For this scenario, we assume that you want to provide SSO to multiple applications for users from two different forests. The applications may reside in either forest or be cloud-based (and thus in neither).